redline | ef5f90190b02567c1e2afb1835edb80b0a6276178df005b3a366eac080ef3ac0 | Triage

Sharing

General

Target

file.exe
Size

2.4MB
Sample

221206-wvwjxaed9s
MD5

7154a5f46e98fb0ce707e73613e1e069
SHA1

7df1d61b71e6b30d41cccf06f9bc5057c66587db
SHA256

ef5f90190b02567c1e2afb1835edb80b0a6276178df005b3a366eac080ef3ac0
SHA512

fa065a89886292353d347bf507ba166e98f1a896d6d69eb049d164d4605c605ad6a12e82c1d2254a8f810cee60417204e4777f3b1e414a3d88b95499055c52bf
SSDEEP

12288:zEfdieNsYHk31Qbgp1NvQu+0f5gwYqfhuaDYsKm0S6n:zL31QEp1hQ0fqwYqfqsNy

Score

10^/10

redline @andriii_ff infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@andriii_ff

C2

176.124.220.67:30929

Attributes

auth_value
525a7ad8080b3552f2f7735af7644111

Targets

- Target
  
  file.exe
- Size
  
  2.4MB
- MD5
  
  7154a5f46e98fb0ce707e73613e1e069
- SHA1
  
  7df1d61b71e6b30d41cccf06f9bc5057c66587db
- SHA256
  
  ef5f90190b02567c1e2afb1835edb80b0a6276178df005b3a366eac080ef3ac0
- SHA512
  
  fa065a89886292353d347bf507ba166e98f1a896d6d69eb049d164d4605c605ad6a12e82c1d2254a8f810cee60417204e4777f3b1e414a3d88b95499055c52bf
- SSDEEP
  
  12288:zEfdieNsYHk31Qbgp1NvQu+0f5gwYqfhuaDYsKm0S6n:zL31QEp1hQ0fqwYqfqsNy
Score

10^/10

redline @andriii_ff infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@andriii_ffinfostealerspyware

behavioral2

redline@andriii_ffinfostealerspyware